The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

computer vulnerability announce CVE-2015-0332 CVE-2015-0333 CVE-2015-0334

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 13/03/2015.
Identifiers: 2755801, APSB15-05, CERTFR-2015-AVI-114, CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342, openSUSE-SU-2015:0490-1, openSUSE-SU-2015:0496-1, openSUSE-SU-2015:0725-1, RHSA-2015:0697-01, SUSE-SU-2015:0491-1, SUSE-SU-2015:0493-1, VIGILANCE-VUL-16387, ZDI-15-087.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0332]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0333]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0335]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0339]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0334]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0336]

An attacker can access data of another web site. [severity:2/4; CVE-2015-0337]

An attacker can upload a malicious file, in order, for example, to upload a Trojan. [severity:3/4; CVE-2015-0340]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0338]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0341, ZDI-15-087]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0342]

vulnerability note CVE-2015-2152

Xen: privilege escalation via VGA Backend

Synthesis of the vulnerability

A local attacker can use the VGA Backend of Xen, in order to access a guest system.
Impacted products: Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, Xen.
Severity: 2/4.
Creation date: 12/03/2015.
Identifiers: CERTFR-2015-AVI-113, CVE-2015-2152, FEDORA-2015-3721, FEDORA-2015-3944, openSUSE-SU-2015:0732-1, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:0613-1, VIGILANCE-VUL-16384, XSA-119.

Description of the vulnerability

When an HVM x86 qemu guest instantiates an emulated VGA device, a backend is started for SDL or VNC.

However, this backend is started even when the configuration indicates neither "sdl=1" nor "vnc=1". The impact then depends on how qemu-xen was compiled:
 - if qemu-xen is compiled with SDL: an SDL window is opened with $DISPLAY
 - else: a VNC server listens on localhost

A local attacker can therefore use the VGA Backend of Xen, in order to access a guest system.

vulnerability note CVE-2015-0311

Adobe Flash Player: use after free via UncompressViaZlibVariant

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious Adobe Flash Player animation, to force the usage of a freed memory area in ByteArray::UncompressViaZlibVariant, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 22/01/2015.
Revision dates: 23/01/2015, 12/03/2015.
Identifiers: 2755801, APSA15-01, CVE-2015-0311, openSUSE-SU-2015:0150-1, openSUSE-SU-2015:0174-1, RHSA-2015:0094-01, SUSE-SU-2015:0151-1, SUSE-SU-2015:0163-1, VIGILANCE-VUL-16034.

Description of the vulnerability

The Adobe Flash Player product displays animations included in web pages.

However, the ByteArray::UncompressViaZlibVariant function frees a memory area before reusing it.

An attacker can therefore invite the victim to display a malicious Adobe Flash Player animation, to force the usage of a freed memory area in ByteArray::UncompressViaZlibVariant, in order to trigger a denial of service, and possibly to execute code.

vulnerability announce CVE-2014-8159

Linux kernel: integer overflow of Infiniband

Synthesis of the vulnerability

A local attacker can generate an integer overflow in the Infiniband implementation of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/03/2015.
Identifiers: 1181166, 1413741, CERTFR-2015-AVI-112, CERTFR-2015-AVI-128, CERTFR-2015-AVI-136, CERTFR-2015-AVI-144, CERTFR-2015-AVI-164, CERTFR-2015-AVI-190, CVE-2014-8159, DSA-3237-1, FEDORA-2015-4059, FEDORA-2015-5024, RHSA-2015:0674-01, RHSA-2015:0695-01, RHSA-2015:0726-01, RHSA-2015:0727-01, RHSA-2015:0751-01, RHSA-2015:0782-01, RHSA-2015:0783-01, RHSA-2015:0803-01, RHSA-2015:0870-01, RHSA-2015:0919-01, SUSE-SU-2015:1071-1, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, USN-2525-1, USN-2526-1, USN-2527-1, USN-2528-1, USN-2529-1, USN-2530-1, USN-2561-1, VIGILANCE-VUL-16382.

Description of the vulnerability

The InfiniBand technology is used to transmit data efficiently. It uses the Verbs API.

However, a local attacker can access /dev/infiniband/uverbsX and use a large parameter to force an integer overflow in the ib_umem_get() function, triggering an error in the computation of a memory address.

A local attacker can therefore generate an integer overflow in the Infiniband implementation of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

vulnerability CVE-2014-9705 CVE-2015-2301 CVE-2015-8866

PHP: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, HP-UX, MBS, openSUSE, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 10/03/2015.
Revision date: 12/03/2015.
Identifiers: 64938, 68552, 68827, 68901, bulletinjul2015, c04686230, CVE-2014-9705, CVE-2015-2301, CVE-2015-8866, DLA-499-1, DSA-3195-1, DSA-3198-1, DSA-3198-2, DSA-3602-1, FEDORA-2015-2315, FEDORA-2015-2328, HPSBUX03337, HTB23252, MDVSA-2015:079, MDVSA-2015:080, openSUSE-SU-2015:0644-1, openSUSE-SU-2016:1274-1, openSUSE-SU-2016:1357-1, openSUSE-SU-2016:1373-1, RHSA-2015:1053-01, RHSA-2015:1066-01, RHSA-2015:1135-01, RHSA-2015:1218-01, SSA:2015-111-10, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-2535-1, VIGILANCE-VUL-16360.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a buffer overflow in enchant_broker_request_dict, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 68552, CVE-2014-9705, HTB23252]

An attacker can force the usage of a freed memory area in ZMM, but with no impact on security. [severity:0/4; 68827]

An attacker can force the usage of a freed memory area in phar_object.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 68901, CVE-2015-2301]

An attacker can transmit malicious XML data via libxml_disable_entity_loader, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4; 64938, CVE-2015-8866]

computer vulnerability announce CVE-2015-2151

Xen: memory corruption via Segment Override

Synthesis of the vulnerability

An attacker in a guest system can generate a memory corruption with a Segment Override of Xen, in order to trigger a denial of service, and possibly to execute code on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 10/03/2015.
Identifiers: CERTFR-2015-AVI-109, CERTFR-2015-AVI-110, CTX200484, CVE-2015-2151, DSA-3181-1, FEDORA-2015-3721, FEDORA-2015-3944, openSUSE-SU-2015:0732-1, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, RHSA-2016:0450-01, SUSE-SU-2015:0613-1, VIGILANCE-VUL-16357, XSA-123.

Description of the vulnerability

The Xen product emulates x86 processors. An x86 instruction can use a Segment Override. For example:
  mov ax, [es:1234]

However, if the Segment Override is encoded with some operands, a memory corruption occurs.

An attacker in a guest system can therefore generate a memory corruption with a Segment Override of Xen, in order to trigger a denial of service, and possibly to execute code on the host system.

computer vulnerability alert CVE-2015-2150

Xen: denial of service via PCI Command Register

Synthesis of the vulnerability

An attacker in a guest system can change the PCI Command Register on Xen, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, Xen.
Severity: 1/4.
Creation date: 10/03/2015.
Identifiers: CERTFR-2015-AVI-109, CERTFR-2015-AVI-198, CERTFR-2015-AVI-236, CERTFR-2015-AVI-254, CVE-2015-2150, DSA-3237-1, FEDORA-2015-4059, FEDORA-2015-5024, FEDORA-2015-6294, FEDORA-2015-6320, openSUSE-SU-2015:0713-1, openSUSE-SU-2016:0301-1, SUSE-SU-2015:0658-1, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, SUSE-SU-2015:1592-1, SUSE-SU-2015:1611-1, USN-2589-1, USN-2590-1, USN-2613-1, USN-2614-1, USN-2631-1, USN-2632-1, VIGILANCE-VUL-16356, XSA-120.

Description of the vulnerability

The Xen product supports devices in Pass Through mode.

However, a guest system can change all bits of the PCI Command Register, such as those disabling the memory decoding.

An attacker in a guest system can therefore change the PCI Command Register on Xen, in order to trigger a denial of service on the host system.

vulnerability announce CVE-2015-0288

OpenSSL: NULL pointer dereference via X509_to_X509_REQ

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service.
Impacted products: Arkoon FAST360, ProxySG, SGOS, FabricOS, Brocade Network Advisor, Cisco ASR, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS XE Cisco, Cisco IPS, IronPort Email, IronPort Web, Cisco Nexus, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, WebNS, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, IRAD, Tivoli Workload Scheduler, Juniper J-Series, JUNOS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, MBS, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 09/03/2015.
Identifiers: 1701334, 1964410, 55767, 9010031, c04679334, CERTFR-2015-AVI-089, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, CVE-2015-0288, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FEDORA-2015-6855, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, SA40001, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16342.

Description of the vulnerability

The OpenSSL product processes X.509 certificates.

However, the X509_to_X509_REQ() function does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service.

vulnerability alert CVE-2015-0209

OpenSSL: use after free via d2i_ECPrivateKey

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in d2i_ECPrivateKey of OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Impacted products: ArubaOS, ProxySG, SGOS, FabricOS, Brocade Network Advisor, Cisco ASR, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS XE Cisco, Cisco IPS, IronPort Email, IronPort Web, Cisco Nexus, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, WebNS, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, JUNOS, Junos Pulse, Junos Space, Junos Space Network Management Platform, Juniper Network Connect, NSM Central Manager, NSMXpress, Juniper SBR, MBS, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 09/03/2015.
Identifiers: 1698703, 1701334, 1902519, 1960491, 1964410, 55767, 7043086, 9010031, ARUBA-PSA-2015-007, c04679334, CERTFR-2015-AVI-089, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, CVE-2015-0209, DSA-3197-1, DSA-3197-2, FEDORA-2015-10047, FEDORA-2015-10108, FEDORA-2015-4300, FEDORA-2015-4303, FEDORA-2015-6855, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, SA40001, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, TNS-2015-04, TSB16661, USN-2537-1, VIGILANCE-VUL-16341.

Description of the vulnerability

The OpenSSL product implements the Elliptic Curves algorithm.

However, the d2i_ECPrivateKey() function frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in d2i_ECPrivateKey() of OpenSSL, in order to trigger a denial of service, and possibly to execute code.

vulnerability alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Arkoon FAST360, ArubaOS, Avaya Ethernet Routing Switch, ProxyAV, ProxySG, SGOS, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Cisco Nexus, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, Chrome, HP NNMi, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS, WebSphere MQ, Juniper J-Series, JUNOS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, Domino, Notes, MBS, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows (platform) ~ not comprehensive, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Java Oracle, Solaris, pfSense, Puppet, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
Identifiers: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, cisco-sa-20150310-ssl, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server before a secured session is established.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject a message choosing an export algorithm during the session initialization. This message should generate an error; however, some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.